Date: Mon, 21 Oct 2019 14:39:01 +0000
From: bugzilla-noreply@freebsd.org
To: net@FreeBSD.org
Subject: [Bug 200185] if_tap: Deprecate net.link.tap.user_open sysctl
Message-ID: <bug-200185-7501-noiIRybHjS@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-200185-7501@https.bugs.freebsd.org/bugzilla/>
References: <bug-200185-7501@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200185

--- Comment #10 from commit-hook@freebsd.org ---
A commit references this bug:

Author: kevans
Date: Mon Oct 21 14:38:12 UTC 2019
New revision: 353798
URL: https://svnweb.freebsd.org/changeset/base/353798

Log:
  tuntap(4): restrict scope of net.link.tap.user_open slightly

  net.link.tap.user_open has historically allowed non-root users to do devfs
  cloning and open /dev/tap* nodes based on permissions. Loosen this up to make
  it only allow users to do devfs cloning -- we no longer check it in tunopen.

  This allows tap devices to be created that can actually be opened by a user,
  rather than swiftly restricting them to root because the magic sysctl has not
  been set.

  The sysctl has not yet been completely deprecated, because more thought is
  needed for how to handle the devfs cloning case. There is not an easy
  suitable replacement for the sysctl there, and more care needs to be placed
  in determining whether that's OK or not.

  PR: 200185

Changes:
  head/UPDATING
  head/sys/net/if_tuntap.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.